2.1 Information Security Officer
Designated ISO
The role of the Information Security Officer (ISO) is assigned to the Head of Operations.
Roles and Responsibilities
The ISO has the primary responsibility for the development, implementation, and maintenance of the company's Written Information Security Plan (WISP).
The ISO is responsible for ensuring that clients' specific security requirements are understood and met.
The ISO oversees the company's security measures, ensuring they are adequate and comply with all relevant regulations, industry standards, and client requirements.
The ISO coordinates regular training and awareness programs for all employees, stressing the importance of data security and educating them on the company's policies and procedures.
In the event of any reported or identified security incidents, the ISO is tasked with conducting investigations, taking necessary actions for response and recovery, and implementing necessary updates to prevent similar future incidents.
The ISO is also responsible for the regular review and update of the WISP, ensuring its continuous effectiveness and compliance with evolving data security best practices and laws.
Working closely with the IT Department and other relevant parties, the ISO assists in the implementation and management of security technologies such as firewalls, antivirus software, and encryption tools.
Lastly, the ISO provides regular reports to the company management on the state of information security, including any incidents and the steps taken to address them, as well as recommendations for improvements to the WISP.